Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Custom Pokémon Yellow title screen (requires 6 cheat codes if on boot)

Posted by: Torchickens
Date: 2020-07-17 13:37:03
I noticed that RAM address $CD3D is not only meant to control Pikachu's eyes, but can also run scripts. Out-of-bounds value $20 executes A734 in SRAM, but it will be locked by default. This means we have two options, the first of which I haven't tried yet:
1. Use arbitrary code execution to go back to the title screen with CD3D locked, and create your own title screen script or title screen; no cheat codes required.
2. Modify the save file and use the following codes: 01203dcd, 0aa-a1b-e65, eaa-a2b-6e9, 00a-a3b-f73, 00a-a4b-192, c9a-a5b-4ca to access the custom title screen on boot. The first code lets you run eye script $20, while the rest turn the OAM DMA script into an SRAM opener.

Note the codes above are a combination of Game Genie and GameShark, which may be impossible on real hardware for a number of reasons: the combination of GameShark and Game Genie, too many codes for the input screen, and, because Game Genie glitches Game Boy Color palettes, it would probably be best on an original DMG Game Boy. That's unless there is custom hardware (or you could make such a device) that supports lots of Game Genie codes and GameShark at the same time.

On a real cartridge, 01203DCD and 013E80FF, 010A81FF, 01EA82FF, 010083FF, 010084FF, 01C985FF might work.

Another possibility might be to use an eye script that runs WRAM instead of SRAM (which may also make it work on Virtual Console), but you'll have less space for custom title screen graphics, which could take up a lot of data (a simple title screen could maybe work though, using FillMemory for long strings of the same byte like 00 or FF).

Because I'm stupid, I still haven't used an OAM DMA mod that doesn't break sprites, and I don't know how to properly write to VRAM (with VRAM blanking and stuff) yet. I thought, though, that I could make a glitchy Super Mario 64 title screen based on the "every copy of Super Mario 64 is personalised" meme.

Short animation: https://imgur.com/a/eJAwQNi
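An added example, not part of the original post: it decodes the seven GameShark codes quoted above into RAM writes and disassembles the six bytes they place at $FF80, to confirm they form the "SRAM opener" the post describes. It assumes the standard Game Boy GameShark format 01VVLLHH (write value VV to address HHLL, stored low byte first); the Game Genie codes are not decoded, and the disassembler only knows the three opcodes this patch uses.

```python
# Codes as quoted in the post (list constructed from the text above).
CODES = ["01203DCD", "013E80FF", "010A81FF", "01EA82FF",
         "010083FF", "010084FF", "01C985FF"]

def decode_gameshark(code):
    """Return (address, value) for an 8-hex-digit Game Boy GameShark code.
    Assumed format: 01 VV LL HH -> write VV to address HHLL."""
    code = code.replace("-", "").upper()
    if len(code) != 8 or code[:2] != "01":
        raise ValueError("unsupported code: %s" % code)
    value = int(code[2:4], 16)
    addr = int(code[6:8] + code[4:6], 16)   # swap the low/high address bytes
    return addr, value

def apply_codes(codes):
    """Simulate the writes the codes perform, as an {address: value} map."""
    return {addr: val for addr, val in map(decode_gameshark, codes)}

# Minimal LR35902 (Game Boy CPU) decoder: only the opcodes this patch uses.
_OPS = {0x3E: ("ld a,${:02X}", 1),      # ld a, imm8
        0xEA: ("ld [${:04X}],a", 2),    # ld [imm16], a
        0xC9: ("ret", 0)}

def disassemble(mem, start, end):
    """Disassemble mem[start..end] (inclusive) into 'ADDR: mnemonic' lines."""
    out, pc = [], start
    while pc <= end:
        op = mem[pc]
        if op not in _OPS:
            raise ValueError("opcode %02X at %04X not in the mini decoder" % (op, pc))
        fmt, n = _OPS[op]
        if n == 1:
            imm = mem[pc + 1]
        elif n == 2:
            imm = mem[pc + 1] | (mem[pc + 2] << 8)   # little-endian 16-bit
        out.append("%04X: " % pc + (fmt.format(imm) if n else fmt))
        pc += 1 + n
    return out

def sram_opener_listing(codes=CODES):
    """Return (value written to $CD3D, listing of the routine placed at $FF80).
    ld a,$0A / ld [$0000],a is the MBC RAM-enable write, i.e. it unlocks SRAM."""
    mem = apply_codes(codes)
    return mem[0xCD3D], disassemble(mem, 0xFF80, 0xFF85)

if __name__ == "__main__":
    eye_script, listing = sram_opener_listing()
    print("$CD3D = $%02X" % eye_script)
    print("\n".join(listing))
```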